At Manchester Digital, we like to interview our members to find out a bit more about what they do and their work in the Greater Manchester digital and technology sphere. This week we're speaking with Partner/Co-founder, Robert Drake from Cyber Alchemy.
First of all, please introduce yourself..
Bob Drake, a co-founder and partner at Cyber Alchemy, is a veteran international business executive with a rich background in the healthcare technology sector. Bob's expertise was honed through his experiences as Country Manager in Indonesia, Managing Director in Malaysia and Thailand, and President in Japan, before taking on the roles of Regional Director for Syltone (an engineering company) and Allocate Software (Asia), a healthcare software multinational, both in Kuala Lumpur.
Bob has worked with Sheffield Hallam University as a Business Development Executive and latterly served as the Chief Commercial Officer at Samurai Digital Security Limited. His diverse experiences in software, education, and engineering industries have been pivotal in his current role at Cyber Alchemy, where he focuses on driving business growth and nurturing high-performance teams.
Formed in June 2023, Cyber Alchemy's inclusion in the UK Government's "Cyber Runway" accelerator program in September 2023 marked it as one of the most promising players in the cybersecurity field. This prestigious recognition is a nod to Cyber Alchemy's potential to influence and reshape the cybersecurity landscape. Within just six months of its inception, Cyber Alchemy achieved CREST certification, a testament to its exceptional standards in cybersecurity services and its commitment to excellence.
Central to Cyber Alchemy's ethos is its pioneering "Assess, Protect, Enable" methodology, which is more than a service offering; it's a philosophy. This method begins with a comprehensive assessment, identifying potential vulnerabilities in a client's digital infrastructure. The 'Protect' phase follows, where the team employs cutting-edge security measures, leveraging the expertise and technological advancements mastered during hundreds of cyber security assignments in the UK and overseas.. Finally, the 'Enable' phase focuses on empowering clients, ensuring they are not just protected but also informed and equipped to manage digital threats proactively.
Cyber Alchemy represents an evolution of vision and capability. With its remarkable achievements, innovative approach, and unwavering commitment to client safety and empowerment, Cyber Alchemy is not just responding to the cybersecurity challenges of today; it's anticipating and preparing for those of tomorrow.
What are some top cybersecurity unknowns and vulnerabilities that SMEs often overlook? How can we help make this higher priority?
Insufficient Employee Training: Employees are often the weakest link in cybersecurity. Many SMEs overlook the necessity of regular cybersecurity training for their staff, leaving them vulnerable to phishing attacks, social engineering, and other forms of manipulation.
Cyber Alchemy offer tailored cybersecurity training programs for SMEs, emphasising practical, real-world scenarios. Regular workshops or webinars can keep cybersecurity front and centre in employees' minds.
Outdated Software and Systems: SMEs frequently operate with outdated software and systems due to budget constraints or lack of awareness, making them easy targets for cyber-attacks.
Cyber Alchemy provide affordable and scalable solutions for system updates and maintenance. Educate SMEs about the risks of outdated systems through easy-to-understand content and case studies.
Lack of a Formal Cybersecurity Policy: Many SMEs lack a formalised cybersecurity policy, which can lead to inconsistent and inadequate security practices.
Cyber Alchemy assist SMEs in developing robust cybersecurity policies tailored to their specific needs and operations.
Poor Password Management: Weak or reused passwords are a common issue. SMEs often do not use password management tools or enforce strong password policies.
Cyber Alchemy educate SMEs about the importance of strong password policies and offer solutions like password management tools. We conduct workshops demonstrating the ease and importance of good password hygiene.
Underestimating Internal Threats: SMEs may not consider the risk of internal threats, either accidental or malicious, from their own employees.
Cyber Alchemy offer services for monitoring and securing internal systems, and provide training on identifying and mitigating internal risks.
Inadequate Response Planning: Many SMEs do not have an incident response plan in place, which can exacerbate the impact of a cyberattack.
Cyber Alchemy help SMEs develop and test incident response plans. We also offer services for crisis management and recovery post-breach.
Unsecured Mobile Devices and Remote Work: With the rise of remote work, SMEs often overlook the security of mobile devices and remote connections.
Cyber Alchemy advise and provide solutions for secure mobile and remote working, such as VPNs, secure messaging apps, and mobile device management.
How can we make cyber security a higher priority?
Awareness Campaigns: We use blogs, social media and events, such as our recent Capture the Flag event, to raise awareness such as National Cyber Security Awareness Month and National Fraud Awareness Week
Show Real Impact: We use case studies or news stories showing the real impact of cybersecurity breaches on businesses.
Regular Check-Ins and Updates: To keep cybersecurity as an ongoing conversation rather than a one-off discussion.
Specific industries: Many of our clients come from Fintech, Healthtech and Technology-oriented businesses:
Fintech is highly attractive to cybercriminals due to the financial transactions and sensitive financial data involved. Key concerns include data security, compliance with financial regulations (like GDPR in Europe, or the Payment Card Industry Data Security Standard (PCI DSS) globally), and protection against financial fraud. Cyber Alchemy offer specialised services in compliance management, secure transaction processing, and advanced threat protection tailored to fintech.
Healthtech: The healthtech sector deals with sensitive personal health information, making it a prime target for cyber-attacks. Key concerns include compliance with health data protection regulations, protecting patient privacy, and ensuring the security of medical devices and telehealth services. Cyber Alchemy focus on services that ensure compliance with health data regulations, offer robust data encryption methods, and provide security solutions for emerging technologies like telemedicine.
Technology-Oriented SMEs: These businesses, often at the forefront of innovation, need to protect intellectual property and maintain the integrity of their products and services. They are also likely to be early adopters of new technologies, which can bring unique security challenges. Cyber Alchemy offer cutting-edge cybersecurity solutions that evolve with technological advancements. Include cybersecurity consultation for emerging technologies and regular vulnerability assessments to protect intellectual property.
You take an ethical hacking approach to help identify and fill gaps. What are some key lessons from running these simulations?
Importance of a Proactive Security Posture: Many organisations are reactive rather than proactive. Regular penetration testing helps businesses stay ahead of threats by identifying and addressing vulnerabilities before they are exploited.
Complexity of Cyber Threats: The evolving nature of cyber threats is a constant learning point. Hackers continually develop new methods, making it crucial for ethical hacking approaches to be dynamic and adaptive.
Human Factor in Cybersecurity: Most breaches are due to human error or lack of awareness. Our exercises often highlight the need for robust training and awareness programs for all staff members.
The Need for Customised Security Solutions: Each organisation has unique vulnerabilities and security needs. We provide insights into how tailor-made solutions are far more effective than one-size-fits-all approaches.
The Value of Comprehensive Reporting: Post-testing reports are invaluable. They should not only detail vulnerabilities and breaches but also provide actionable recommendations. This is particularly important for executives, who need to understand the technical aspects in a clear and concise manner.
Regular Testing and Updates Are Essential: Cybersecurity is not a one-time solution. Continuous testing and regular updates to security protocols are essential, as new vulnerabilities emerge constantly.
Integration with Wider Security Strategy: Ethical hacking should not be standalone but part of a broader security strategy, including risk management, compliance, and incident response planning. We work with companies to develop these strategies.
Balancing Technical Complexity with Usability: Solutions need to be technically sound but also practical. Overly complex systems can create usability challenges and potentially introduce new vulnerabilities. This is a point that many cyber security consultancies miss in their desire to sell everything. For Cyber Alchemy, it's in our DNA as the "Enable" foundation of our ASSESS - PROTECT - ENABLE journey
Building Trust with Transparency: Ethical hacking can help build trust with stakeholders by demonstrating a commitment to security and transparency, which is crucial for the executives who are responsible for maintaining their company's reputation.
How could collaborating with Manchester Digital members help promote stronger cybersecurity culture and practices across their organisations?
By sharing our expertise through workshops and seminars, engaging in collaborative problem-solving, and building strong networks, we hope to raise awareness and develop bespoke cybersecurity solutions tailored to the unique challenges faced by members. Creating success stories and case studies from these collaborations will not only showcase the positive impact of robust cybersecurity but also promote a culture shift towards prioritising it within the tech community. Additionally, our future involvement in joint R&D projects and feedback loops will ensure continuous improvement in our services, keeping them relevant and effective against evolving cyber threats.
You have strong experience bringing the industry together through events. What opportunities do you see for further engaging and networking with the Manchester Digital community?
Hosting Specialised Workshops and Seminars: Organise events focused on emerging threats and advancements in cybersecurity, especially pertaining to fintech and web applications. These could range from technical workshops for IT professionals to executive briefings for decision-makers.
Participating in and Sponsoring MD Tech Events: Actively participate in MD tech meetups, conferences, and forums.
Roundtable Discussions and Think Tanks: Create a series of roundtable events where leaders from various tech sectors in Manchester can discuss challenges, trends, and innovations.
Collaborating on Industry Research: Partner with local universities to conduct research relevant to AI in cybersecurity and sharing this research at events.
Cybersecurity Awareness Campaigns: Run awareness campaigns that involve local businesses and the community. This could include open webinars, information sessions, and collaborations with local media.
Collaborative Projects, Hackathons and CTFs: Organise hackathons that address specific challenges in cybersecurity.
Thank you Robert!
To find out more about Cyber Alchemy click here.